Is Your WordPress Blog at Risk from the Epsilon Email Theft?

I’ve just published news and tips on how to respond to the recent announcement and news about the Epsilon email theft on WordCast, “Epsilon Email Lists Breached: How to Protect Yourself.” I’ve included a list of the companies involved, tips on how to identify email phishing scams and how to deal with and respond to them, and advice on prevention.

One of my email addresses might be in the list of more than 40 million (and growing) stolen. I have reward cards with some of them. Is yours?

A client called me with the news that she was registered with six of the accounts on the Epsilon email theft company list, and that her son might also be on the list as his school is listed among the companies losing their contact information to thieves. She wanted to know if her WordPress business blogs were at risk. By the end of the day, with further announcements of more companies added to the growing list of victims, three more clients called.

It’s a good question. Could your WordPress blog be at risk?

Is My WordPress Blog at Risk from the Epsilon Email Theft?

Her WordPress blogs would be at risk only if the thieves were determined and could make some connection between her site ownership and her contact information, and if she used the same email and wasn’t clever about her username and/or passwords.

The first premise is a huge leap. Yet, if they were really determined to squeeze out every last juice of evil and opportunity in the information in their hands, could they make that leap?

Probably not.

However – and this is a stretch – such lists don’t stay in the hands of one person. Such a list is worth serious money, often going to the highest bidder or someone with plans to market this the best way they can through the security theft criminal rings that plague us.

Down the road, say a year or two, the whole list or some part of it could fall into the hands of someone who had enough smarts to not seek viable and meaningful employment but is wicked enough to run it through a WHOIS database to match names with website owners. While it’s the stuff of fiction, anything is possible if one is determined enough.

Could they use your contact information, your name and email to gain access to your WordPress site? Would they want to? Probably not, but could they?

If your username is the same as your name or your name and the first initial of your last name, or some easy combination, with that and your email address, they could get your password reset. Unless they had hacked into your email account, the odds are they couldn’t get into your site specifically.

They may be able to use such information to gain access to your web server host by convincing them they are you with your contact information. Hopefully, web hosts will be smarter with handing out security access. Check with your site host on their privacy and security policies.

I can’t think of any other way they could use this information to directly break into your WordPress blog, but they could cause you trouble, if the trouble could bring them gain.

Odds are, not.

This doesn’t mean you are safe. I recommend you change passwords to your WordPress blog and all access points to your site, and consider getting a new or blog-specific email, just in case. At the very least, you might sleep better at night.

As a refresher, here are more ways you can protect yourself and your WordPress blog.

I’ve seen a growing number of scams, phishing, and malware with WordPress, specifically WordPress Themes, Plugins, and out-of-date versions of WordPress. WordPress expert Otto of OttoPress investigated a WordPress malware hack last year, uncovering the insidious methods they use. Having had two of my sites and a few clients’ sites attacked in the past couple of years, trust me when I tell you that removing this evil is time-consuming, time-wasting, and very hard work. If you are infected and don’t have much technical experience with servers, databases, or WordPress, hire a professional. Honestly.

In addition to the tips I provided in the Epsilon Email Theft article, I’d like to offer a few more WordPress-centric tips.

At a minimum, secure your WordPress blog by changing the administration name to something complicated, changing the database table prefix from wp- to a1b2c3- or more complex, and using a very strong password on the blog, database, FTP, cPanel, and any other access to your site.
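An added example (not code from the original post) that audits your own site for the two weaknesses named above: a login name that can be derived from the owner's name or email, which is what a stolen mailing list holds, and an unchanged `$table_prefix` in `wp-config.php`, where the stock value is written `wp_`. The owner, logins and config text are constructed sample data, and the function names are hypothetical.

```python
import re

STOCK_PREFIX = "wp_"  # value of $table_prefix in a stock wp-config.php

def guessable_usernames(full_name, email):
    """Login names derivable from nothing more than a name and an email."""
    parts = re.findall(r"[a-z0-9]+", full_name.lower())
    guesses = {"admin", "administrator", email.split("@", 1)[0].lower()}
    if parts:
        first, last = parts[0], parts[-1]
        guesses |= {first, "".join(parts)}
        if len(parts) > 1:
            # name plus initial, initial plus name, and common separators
            guesses |= {last, first + last[0], first[0] + last,
                        first + "." + last, first + "_" + last}
    return guesses

def table_prefix(wp_config_text):
    """Return the active $table_prefix value, or None if it is not set."""
    m = re.search(r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""",
                  wp_config_text, re.M)
    return m.group(2) if m else None

def audit(full_name, email, logins, wp_config_text):
    """List the hardening gaps found for one site."""
    findings = []
    guesses = guessable_usernames(full_name, email)
    for login in logins:
        if login.lower() in guesses:
            findings.append(f"login '{login}' is derivable from name or email")
    prefix = table_prefix(wp_config_text)
    if prefix is None:
        findings.append("no $table_prefix assignment found")
    elif prefix == STOCK_PREFIX:
        findings.append("table prefix is still the stock 'wp_'")
    return findings

# Constructed sample data, not taken from any real site.
OWNER = ("Jane Example", "jane.example@example.com")
LOGINS = ["janee", "k7-orchid-editor"]
WP_CONFIG = """<?php
define( 'DB_NAME', 'constructed_db' );
// $table_prefix = 'old_';
$table_prefix = 'wp_';
"""

if __name__ == "__main__":
    for finding in audit(*OWNER, LOGINS, WP_CONFIG):
        print("FIX:", finding)
```

Changing the prefix on a live site also means renaming the existing tables and the option and usermeta keys that embed the old prefix, so take a database backup first.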

Don’t share your private login or information through examples in text, screenshots, or video. If you do screencasts or take any visual images of the WordPress Administration Panels, your database, cPanel, or similar, blur or black out any private information or data that could put your site or someone’s information at risk.

If someone or something does you wrong, do not seek revenge or publicly expose them. Use the right methods for reporting abuse, phishing, spam or scams and keep it to yourself or educate without naming names or pointing fingers. Libel and defamation are on the rise, so don’t risk it.

I’ve written a lot about how to protect your WordPress blog, your email, your social network exposure, and your privacy in general. Each time, I dream it will be the last.

It is an exciting new world out there in the social web, but like in the real world, we have to play safe. I’d love to spend more time sharing the joyous side of blogging and stay away from the dark side of the blorce, so please, share the news, tips, and help others learn from day one how to stay safe on the web.

6 Comments

Thanks Lorelle for this valuable tip. I’ve just been through repairing my site after it was hacked. I did spend a lot to have it put in order. Oftentimes, my busy schedules make me neglect my blog security. My sincere gratefulness for sharing what you know. Thanks a lot!

Wow, thanks for a great article; this was the first that I have heard of it. I run a social network on the WordPress platform using BuddyPress and luckily have not had any problems. I do, however, have people joining using “bots” and posting a lot of content on the network that is not really needed, so this keeps me busy. Thanks again, will keep an eye on your blog for future posts.

Thanks. Luckily, the Epsilon email theft appears to not impact WordPress blogs, as I predicted, but rumors are spreading that some people are seeing an increase in email hacks. Three friends who were on those lists were hacked, so you are right. Prevention is the best medicine.
